Malware is any type of software designed to damage or gain unauthorised access to a computer system, and it’s been wreaking havoc across the globe with no signs of slowing down. Although it is typically businesses that make the news when there’s a data breach, the fact of the matter is that everyone is vulnerable to malware attacks. In fact, the WannaCry ransomware attack of 2017 crippled the National Health Service (NHS) as well as its patients. The attack caused patients to experience delays in their medical procedures, and some weren’t even allowed admission to hospital. Oddly enough, the NHS was not the intended target of the attack; it was all the result of failing to update its software when notified that a patch was available. Like leaving a door wide open, this signalled a weakness in the NHS’s operating system.
The impact of a malware attack can be devastating. According to government statistics, it takes more than a week to recover from most types of attacks, and costs to the UK can easily exceed £1 million per attack.
In order to protect yourself from cyber-attacks, it is important to understand what the different types of malware are. By grouping malware into categories based on their intended outcome, it is easier to identify it and protect yourself from it. In this article, we’ll discuss contagious malware, concealment malware and secret-stealing malware, as well as best practices for guarding against it.
There are many different types of malware, but there are two types that have been around since the dawn of the internet: viruses and worms. Both were created without malice by university students testing code, but they ultimately realised that there were ways to access and manipulate the computers of end users. Because of the financial motivation to do so, especially in banking, we still see these contagious types of malware today.
Viruses rely on files or programs to spread between computers. A user must engage with the virus in order for it to spread to other computers, so it is important to be able to recognise viruses before accidentally triggering them. The effects of a virus are varied. Some damage files, some interrupt the way a file or software functions and some can even affect remote targets by contributing to ‘distributed denial-of-service’ (DDoS) attacks. Viruses also have the ability to self-replicate and potentially overload a network, taking it down without much, if any, warning.
Although they can cause the same type of damage as viruses, worms are a more intelligent type of malware, with the ability to travel independently between computers. They don’t need an attachment to spread, as they exploit known software vulnerabilities. Instead of having to click on an attachment or link, the user may unknowingly open an email with a hidden attachment. Or perhaps a user may click on a link to a website, not realising it is a malicious, phony website. In turn, an automatic download is triggered without the user knowing. Some worms are created with the simple intention of providing access to hackers so they can take over the network and wreak havoc as they wish.
Hackers can be quite clever when it comes to devising a cyber-attack. Any criminal knows that a decoy can give them the time they need to distract their victim and conceal the crime in progress. It is the same with cyber-attacks, as there are two types of concealment malware that don’t directly cause damage, but help other types of malware enter networks without being detected.
Rootkits act like an invisible shield, obscuring any traces of malware from a computer’s antivirus software. That means the user can’t identify and patch the vulnerability, and the malware is able to steal data, manipulate files and render networks useless. It is because of rootkits that users find themselves scratching their heads, wondering why they didn’t notice the malware until the damage was done.
A trojan is a type of concealment malware that appears harmless but hides destructive files within. They’re typically disguised as innocent software that is accidentally downloaded by a user who thinks they’re doing something helpful for their computer. For example, they may see a popup window that says, ‘Your system has identified a potential virus. Click here to protect your device’. Once the trojan is activated, the concealed malware does its job with its malicious code hidden within, similar to the way the Greeks were able to invade the city of Troy in the famous Trojan Horse story.
While some malware is designed to access a system as quickly as possible and get what it needs, other types are designed to steal information from users on an ongoing basis instead of immediately destroying systems or disrupting business. This malware is designed to hide in a system for as long as possible as it acquires sensitive personal and financial information.
One type of secret-stealing malware that often makes headlines is ransomware. Ransomware interferes with a user’s ability to access their data, rendering the computer unusable until the user pays some sort of ransom. Typically, a user will log in and see a screen that describes how to pay in order to unlock or return their data. The user is typically ordered to pay via cryptocurrency such as bitcoin, which allows the payee to remain anonymous. It is typically corporate networks that are targeted by ransomware, but the NHS has also been impacted by it.
Ransomware rears its ugly head via different strains, but they all ultimately have the same purpose of withholding a user’s data for some sort of ransom. Here are three common types of ransomware:
- Locker ransomware – Locks the computer until ransom is paid, without interfering with files.
- Encrypting ransomware – Interferes with files by encrypting them in an effort to block them.
- Master boot record (MBR) ransomware – Overwrites the computer’s master boot record so that it can no longer boot, making it completely useless. MBR ransomware typically results in significant loss of data and is difficult to recover from.
Cyber-criminals use spyware to illegally gain access to sensitive or personal data by taking it right from the user’s hard drive. Once the data is in the wrong hands, it can be used for various crimes, including identity theft.
A keylogger logs and records every key a user presses on their keyboard. This includes their usernames and passwords, which open the doors to countless opportunities to steal personal and corporate data.
How to Detect Malware
You may have malware hiding in your computer or network as you read this article. The key to preventing damage is to identify malware as soon as possible and to constantly be on the lookout for it. Watch for the following symptoms that could be signs of one of many different types of malware on your computer or network:
- Decreased speed or diminished performance – Malware may be sneaky, but one thing it hasn’t mastered is the ability to hide without slowing the speed and performance of a computer or network. Malware typically needs a lot of processing power, meaning it may crash programs or significantly slow them down. If you notice such problems, contact IT immediately.
- Decreased storage capabilities – Malware takes up a lot of free space when it self-replicates on a hard drive. If you notice a lack of storage availability, that’s another indicator that you may have malware on your drive.
- Unusual file names or duplicate files – If you find unusual file names or duplicate files in unexpected places, that’s an indicator that malware has created, replaced or even deleted the files you need. Regularly auditing your folders can help you identify suspicious files.
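The folder audit suggested in the last point can be partly automated. The following Python sketch is an added example, not part of the original article: it groups files with identical content stored under different names and flags double extensions. The extension lists, function names and sample files are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Assumption: "unusual" = a document-style name ending in an executable extension.
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def sha256_of(path, chunk_size=65536):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):  # read in chunks
            digest.update(chunk)
    return digest.hexdigest()

def has_double_extension(name):
    stem, last = os.path.splitext(name.lower())
    return last in EXECUTABLE_EXTS and os.path.splitext(stem)[1] in DOCUMENT_EXTS

def audit_folder(root):  # -> (groups of identical files, unusually named files)
    by_hash, unusual = defaultdict(list), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if has_double_extension(name):
                unusual.append(rel)
            try:
                if not os.path.islink(path) and os.path.getsize(path) > 0:
                    by_hash[sha256_of(path)].append(rel)  # same hash = same content
            except OSError:
                continue  # locked or unreadable file: keep auditing the rest
    duplicates = sorted(sorted(g) for g in by_hash.values() if len(g) > 1)
    return duplicates, sorted(unusual)

def demo():  # constructed sample tree: one duplicated file, one double extension
    files = {"docs/report.txt": b"Q3 figures", "tmp/report_copy.txt": b"Q3 figures",
             "docs/invoice.pdf.exe": b"constructed", "docs/notes.txt": b"todo"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_folder(root)

if __name__ == "__main__":
    print(demo())
```

A hit from this audit is only a prompt for review: legitimate backups also produce duplicates, so pass anything unexpected to IT rather than deleting it.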
How to Protect Against Different Types of Malware
Once you’re aware of the different types of malware threats, it is easier to protect against them. The importance of protecting against it before it reaches your network cannot be emphasised enough, as it can cause rapid destruction once it infects a computer or network and can be difficult to remove.
Malware attacks can do a significant amount of damage to a business, whether as a result of stolen funds, loss of client trust or even fines related to the General Data Protection Regulation (GDPR). These days, it is absolutely vital to have an IT expert you can trust to test your current cyber-security practices and monitor your system for malware. It starts with a comprehensive cyber-security plan that not only reduces the potential for damage, but helps you recover quickly in the event of a breach.
Diversify Your Security Software
You should seek out the opinions of experts on the best types of antivirus software, but you should also do your due diligence and make sure they’re addressing all of your security concerns. You know your business more than they do, so don’t just seek out their services and assume they have you covered. Make sure they take into account the different types of malware, and appropriately diversify solutions that protect against each specific threat.
Have a Reliable Firewall
Consider all the different ways your business connects to the internet, whether through browsing websites, opening emails or conducting VoIP calls. All of this traffic needs to pass through a firewall. Make sure yours is strong enough to block out malicious data while still allowing your employees to conduct business.
Rely on Data Encryption
If hackers can encrypt your data without you knowing, why not beat them to the punch? By encrypting your sensitive data, you’re making it useless to cyber-criminals. Depending on the needs of your organisation, there are different encryption solutions available.
Implement Automatic Updates
When a software developer identifies a weakness in its product, it creates a patch to fix the issue. Users are then notified to apply the patch in order to fix the problem. Unfortunately, users don’t always take the time to apply the patch. Hackers realise this and quickly seek out the unpatched programs in order to gain unauthorised access to them. An automatic update will apply the patch before hackers get to it, essentially shutting the door before they can get in.
Create Strict Policies for Shared Devices
Remember that malware can replicate easily through shared files. Consider enforcing a strict policy that disallows USBs or any other type of device from being used on your organisation’s computers. You should also keep a register of all portable devices (eg laptops and smartphones) and make sure you can remotely reset them in case they’re lost or stolen.
Train Your Employees and Enforce Strict Password Rules
No amount of security is strong enough if your staff isn’t trained on cyber-security best practices. Conduct regular training sessions to ensure that they take cyber-security seriously and make it habitual. This includes teaching them how to identify phishing attacks and ensuring they change their passwords regularly. Make sure common passwords aren’t shared between their personal accounts and their business accounts, and require combinations of symbols, numbers and letters that make them difficult to crack.
Back It Up
Consider sending your data to a secure, remote server at an off-site location. Doing so can minimise losses in the event of an attack.
Prepare for a Worst-Case Scenario
Equip your organisation with a comprehensive cyber-security plan that can limit damage if it occurs and help you promptly alert authorities in the event of an attack. Doing so will protect your reputation and ensure you meet GDPR disclosure requirements.
As the internet becomes more robust, different types of malware will continue to pose threats to organisations of all types. Never assume an attack won’t happen to you. In fact, it is often small businesses that are victimised since they’re less likely to have strong defences against cyber-attacks. By understanding the different types of threats, you’ll be better protected from them.
About EC-MSP, your IT support partner
EC-MSP are one of the most trusted IT support providers in London. If you would like more help, advice and support with protecting against the dangers of malware threats to your business, or help with any other IT support issues, contact us today to see how we can help.